Posted
by
Unknown Lamer
on Wednesday July 25, 2012 @10:30AM
from the clever-marketing-campaign-for-osx dept.

tlhIngan writes "Well, it's happened again. Malware has slipped past Apple again and appeared in the iOS App Store. This time though, an iOS application came bundled with two Windows executables containing relatively old malware. It will not infect an iOS device nor Macs, but might affect Windows iTunes users. Looks like Apple needs to update their Windows malware scanner for iOS app submissions now."

This just seems like a lot of work to infect a windows PC. Especially considering the relatively good track record Apple has at preventing malware from appearing on their platform. I almost half wonder if this is more of a proof-of-concept for a bored hacker.

Apple's incompetence? You are suggesting that Apple is responsible for detecting Malware that affects non-Apple OSes? Should they should look for Linux malware also?

And does this apply to other app stores? Should the Windows app store look for malware that affects Apple or Linux? How about Google Play?

Should Apple be responsible for detecting all possible variants of all known malware in Windows? Maybe they should be responsible for detecting zero-day exploits in Windows? Perhaps you'd like Apple to r

Apple doesn't have a responsibility to detect malware at all. They could just sell you the hardware and software and call you an idiot if you execute a program that does something you don't want.

It is however in their best interest to prevent their phone from becoming an infection vector through which their users' PCs could be compromised. Mostly because it will adversely affect sales if they don't.

You are paying for software, and you get send a virus. You don't even know. It gets dropped into a folder you never even think to touch. Now this time, nothing happened. This time. If apple isn't firing people over this, then they do not know what they are doing.

Windows users still outnumber Mac users by a large margin. Considering even the summary says this was "relatively old," it would be trivial for Apple to set up an automated virus scan for app store submissions. I'd argue theyshould have been doing this all along.

What's the probability an iOS app ships with Windows executables inside at all? There is no point in checking for any theoretical content except that which can affect its intended environment: iOS. What next, look through included PDFs to see if they exploit bugs in Adobe Reader?

If Apple is going to market their walled garden as a safe alternative to the Mad Max dystopian hellscape of Google Play, with bands of pirates riding around on patchwork motorcycles, hunting down developers trying to make an honest living and unsuspecting users trying to play their "hit thing with bird" games -- then yes, Apple does have some responsibility to carry through on their end of that bargain. However, given the wild exaggeration of Siri's capabilities in their commercials, Apple seems to take its

Apple's incompetence? You are suggesting that Apple is responsible for detecting Malware that affects non-Apple OSes? Should they should look for Linux malware also?

If they're going to run a "curated" app store, then wouldn't it stand to reason that they actually curate their app store? If you can bundle any random files in your app that you want to, and Apple will approve the app, then Apple is distributing those files for you. You could bundle child porn images using whatever filenames you want even, add them into an otherwise frivolous app, put that on the app store for $.99, advertise it wherever those things are currently advertised with instructions about how t

The way the malware shows up in the IPA, it looks like the developer opened the folder path on an infected Windows machine prior to packaging it up. The filenames indicate the folders were infected by live malware (as the malware names the dropped files after the folder it puts them in, which is the case here).

It's not clear how this even an infection vector for windows computers. How does the payload get executed on a windows machine?It's fairly clear that the dev somehow got malware files packed up in their iphone app package by accident, possibly because of an infected machine somewhere in the workflow. (Like developing content/art/etc on a windows computer)

Judging by the app name alone, it's probably psudo-spam useless shovelware developed by outsourced programmers. The sort of place where I'd expect to see l

It's not clear how this even an infection vector for windows computers. How does the payload get executed on a windows machine?

Maybe that's phase 2.

Either way, I don't know why iOS applications are allowed to distribute windows executable files. While iOS malware is definitely Apple's fault when it happens, I guess you can't really argue that Windows malware is a problem if nothing tries to execute them, and execute them as Administrator after all.

More worrying is what ELSE is lurking in these packages that isn't inspected? What if someone is sneaking child porn in the.ipa that isn't accessed by the app proper? Kind of like how th

Either way, I don't know why iOS applications are allowed to distribute windows executable files. While iOS malware is definitely Apple's fault when it happens, I guess you can't really argue that Windows malware is a problem if nothing tries to execute them, and execute them as Administrator after all.

There is probably just nothing that checks for this kind of nonsense. This is not a threat, just a big WTF.

Sigh, it is secure, or at least this "issue" doesn't show that it isn't secure. Even on a Windows PC, this app cannot infect you through iTunes. The ONLY WAY it can infect the user would be for the user to manually extract the contents of the.IPA (iPhone app), then dig through a bunch of folders, and then try to open the executable (and ignore warnings from Windows not to do so).

There is no way aside from that for this malware to install, infect, or spread.

The only way it might affect them is If they decide that they want to unpackage the app's.ipa package file, extract the two virus files, and then execute them, which only iOS developers and malware researchers might have a valid reason for actually doing. As they're currently packaged, however, they're entirely inert. They weren't even being flagged by Sophos and some of the other AV software out there because of how they were packaged and the fact that there was no way for them to execute.

This is a case of two inert files being accidentally bundled in an app package, which is a bit of a non-story, aside from the humorous aspect of it.

Well, that's a bit complicated of a theory, not to mention there'd be zillions of easier ways to infect a PC. This is ignoring the fact that according to the apps reviews the app worked fine and wasn't 'throwing out errors'. It's a complete non-issue. Leave the tinfoil hat at home on this one.

As I said, the files are inert, so they're not causing errors. Even if the developer inserted an error for malicious reasons, there are easier ways to get malware installed on people's systems. For instance, post a download that will "fix" the problem on your website, then point users to it. Either way, as soon as Apple becomes aware of what's happening, they'll take the app down, which is exactly what happened here already, and the malware gets instantly identified by most AV software once it's removed fro

Easy fix: use Gatekeeper, which will immediately disable any intruding apps that aren't recognized. After that, set up FaceTime to recognize any faces of known people and flag those who are unknown. The Dashboard can then chase them down, apprehend them using Stickies, and keep them locked up in the FileVault (assuming you have version 2).

I don't want to start a holy war here, but what is the deal with you Mac fanatics? I've been sitting here at my freelance gig in front of a Mac (a 8600/300 w/64 Megs of RAM) for about 20 minutes now while it attempts to copy a 17 Meg file from one folder on the hard drive to another folder. 20 minutes. At home, on my Pentium Pro 200 running NT 4, which by all standards should be a lot slower than this Mac, the same operation would take about 2 minutes. If that.

In addition, during this file transfer, Netscape will not work. And everything else has ground to a halt. Even BBEdit Lite is straining to keep up as I type this.

I won't bore you with the laundry list of other problems that I've encountered while working on various Macs, but suffice it to say there have been many, not the least of which is I've never seen a Mac that has run faster than its Wintel counterpart, despite the Macs' faster chip architecture. My 486/66 with 8 megs of ram runs faster than this 300 mhz machine at times. From a productivity standpoint, I don't get how people can claim that the Macintosh is a superior machine.

Mac addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a Mac over other faster, cheaper, more stable systems.

however, modern macs are pretty much in the "use it for a year and do a reinstall" territory because they do slow down(not sure why? spotlight db getting bloated? fs getting fragmented? don't know but it's affecting a lot of people..).

If only Apple hadn't been sitting on their hands for the last 15 years they might have actually made some improvements to the OS, the hardware, the design, their support, their included software, and their consistency since then. They may have even abandoned a slower hardware architecture in favor of a better one.

From the sound of things this doesn't seem like an intentional attempt to infect users co punters via the App Store.

The iOS app itself is NOT malware, and works as its supposed to. The malware is for Win32, and can do nothing on an iOS device, or a Mac, is located deep inside the.app folder directory, and has no way of launching itself. The only way for it to spread, or even run at all would be:

Windows user browses to the iTunes backup folderFor no particular reason at all decides to extract the contents of the.app fileDecides to dig down a few directoies inside of thatOut of boredom decides to run the the infected.exe.

Rather than an intentional attempt to sneak Malware onto the App Store, it sounds more likely to me that the developer of the app was infected themselves, and unknowingly packaged it in the iOS app. Granted, Apple should be doing a virus scan before approving an App, but this malware is DOA barring the extremely unlikely scenario a user would have to do that I listed above for any chance of infection.

Suppose an attacker knows the user has this app installed and can induce them to click a link like "file://{path}/malware.exe", either through ITMS or in some other browsing context... the malware is no longer inert.

Not possible. For one, it's inside of an.IPA file, so the user would have to decide to manually extract the files, THEN run "file://{path}/malware.exe". At which point Windows would ask if you know WTF you are doing, and even saying yes at that point, an up to date Windows Defender would kill it.

Why exactly should Apple be doing a security scan for non-Apple malware? If the various app stores are responsible for checking for non-executable viruses on all platforms then Google Play should be looking for malware applicable to Windows, Apple or Linux. And by this logic the Windows store (when it appears) should be checking for malware on all platforms also.

It's hard enough to stay on top of malware for your own platform, why should vendors be on top of malware aimed at other platforms? Especially a

While I agree with you to some extent, I don't think that making a best effort to be a good neighbor is a bad idea. It's simple to check, and even if you don't have 100% accuracy, the worst you're doing is setting yourself up as a carrier of inert files. Granted, that's not very neighborly, but it's not the end of the world either, except for PR reasons.

Some operating system and application developers--and online stores--scan all files with a battery of anti-malware programs before releasing them. This allows them not just to check for malicious code embedded in those files, but to avoid reports of a false positive detections on files they are going to distribute before they are released.

Many anti-malware programs are available on multiple platforms (Windows, OS X, Linux, BSD, Solaris, and so forth) and their databases are cross platform as well, e.

It's literally impossible for what you describe to work. iTunes can't be made to decompress a purchased ipa file and randomly run a windows executable in a random folder. If you knew anything about how.ipa's, iTunes, or had bothered to read and understand the article you'd know the only way for this malware to do anything would be for a windows user to follow a specific (and unlikely as hell) set of steps and intentionally infect themselves.

How does Windows malware get into an iOS app package? You can generally only develop iOS apps on OS X, so someone either purposely put it there, or has some retarded app development setup that managed to suck a windows virus into an iOS package..

Then it got deployed by Apple.

Then in order for it to infect a target PC, you got to screw around with the iOS package file on WIndows and then purposely run content (and ignore ALL the Windows warnings). Also the malware is generally already covered by most Windo

You could intentionally add a.exe file as a resource to your Foo project, it would get included in the resulting Foo.ipa archive, but to actually run it would have to be extracted from it, which would largely be pointless to do - except if a recipient is a mischievous "asset borrower" who wants to use your game's fancy sprites in his game.

So it seems everyone is not too concerned about the ability to bring malware unscathed through Apple app store? I understand the malware was a windows virus was packaged up quite well in the app, and dormant unless unpackaged and executables were ran. However, wouldn't it be possible to offer an update to the app that, if connected to a windows computer, unpacks and maybe even attempts to execute? If not through an update, perhaps offer a different app that performs the functionality?
I realize these quest

No, because the app, and any update done to it are still iOS apps. They run on your iPhone, iPod, or iPad. There is no way for them to run code on a Windows PC to extract files from itself and run the malware.

I'm right here, and if you'd read the article you'd know this is a complete non-issue. I'd explain why yet again, but instead I'll tell you to see my previous explanation in these comments, or many others explanations, or advise you to read the article.

You don't have to be an "Apple fanboy"; you only need to be a competent Slashdot user. A quick search on Slashdot shows dozens of articles about Android malware, dating back to March 2010. iOS is up to 2, both of which are recent.

In grad school. I did a research paper comparing security between Android and IOS. I cited white papers for my information. There have been plenty of vulnerabilities in IOS and those are only the ones we've heard about. Apple's approach allows them to be secretive about security holes and fix them quietly...should they choose to do so. One of the big reason you hear so much about Android flaws is because the public community finds the flaws and naturally, makes the news public. While to the uninformed